Passwords are part and parcel of using the web, whether for banking transactions, logging into your email or Facebook account, or for buying goods from online retailers. Creating a password that's both easy to remember and hard to crack is the key. We outline one method for creating secure passwords in our example below:
Use key phrases for passwords
Think of a phrase that you can remember. For example, ‘The quick brown fox jumped over the lazy dog’, or something more personal. Then take the first letter from each of those words, so that you have a string of letters that won't appear in a plain dictionary wordlist – in this case 'TQBFJOTLD'. One caveat: famous phrases, song lyrics and quotations are themselves collected into the wordlists that password-cracking tools use, so the pangram here is for illustration only. Choose a phrase that is personal to you and has never been published.
Switch characters and cases in passwords
Armed with this string of letters, choose which ones to keep in which case (perhaps using upper case for nouns), then substitute numbers for one or more letters. Ls can be swapped for ones, or Bs switched for eights, for example. Using this technique our test password now becomes tq8Fjot1D. Bear in mind that these swaps are the first variations a cracking tool tries, so they add only a little strength; the length of the phrase and how obscure it is matter far more.
Insert special characters into your password
Use some imagination to add a symbol – in this case, we could use '^' to represent the 'o' in 'over', giving tq8Fj^t1D.
Make your password unique
With the base password in place, add a short code for each site, for example the first and last letter of the site's name, or a two-letter abbreviation such as 'FB' for Facebook, and tag it on the end. This makes our example a baffling tq8Fj^t1DFB with only minimal changes needed to make a unique code for each site visited. The trade-off is that the code is predictable: anyone who learns one of your passwords, for instance from a site that stored it badly and was breached, can guess the rest. Treat this as a fallback for sites that matter less, and use genuinely different passwords for email, banking and anything else important.
Password management tools
Another option for generating and remembering passwords is to use a password management tool. Some are free, such as KeePass; others are paid-for, such as 1Password.
These tools generate long random passwords that you never need to memorise, and will auto-complete sign-in forms when you visit a site for which they have stored a password. Because most of them only offer a password on the site it was saved for, they also help you notice a look-alike phishing page. It's important to make sure any password software you use works across all your devices, or you could find yourself locked out of your accounts when trying to sign in with a smartphone, for example. The master password for unlocking the software becomes a critical piece of information: make it long and unique, and guard it well, because if you forget it there may be no way to recover what is stored.
Dos and don'ts for online passwords
There are some key ways of protecting your accounts with the passwords you use:
- Don't use easily guessable whole words – 'password' is still worryingly popular
- Don't use dictionary words, because cracking software can run through a whole dictionary, along with common variations such as swapped digits and added numbers, in seconds
- Don't use sequenced numbers, such as 123456
- Don't use your own name or the names of pets or family members, as these are easily guessed by people who know you
- Don't share your password with anyone
- Don't use the same password across multiple sites – if one site is breached, every account that shares the password is exposed
- Do consider using software to help you remember – making sure the program you choose works on all your devices, not just the main PC
- Do feel free to write your passwords down somewhere discreet, such as inside a paperback novel stored away from your computer – it's safer than re-using a password
- Do test your password, but only with a reputable web resource, such as Microsoft's password strength tester hosted on its own website. Even then, never type a password you actually use into a web page; test one built the same way instead, and treat the result as a rough guide, since strength meters cannot tell whether a password is already in a cracking wordlist
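A small checker for the don'ts above, as an added Python example that is not part of the original article. The wordlist and name list are tiny constructed stand-ins for the lists a cracking tool would carry, and the function names are this example's own. It goes one step beyond the list by undoing the common digit-for-letter swaps before looking a word up, which is how cracking software catches 'p4ssw0rd' as quickly as 'password'.

```python
"""Flag passwords that break the dos and don'ts. Added example; wordlists,
names and function names are constructed assumptions, not the article's."""
import re

# Constructed stand-ins for a cracking wordlist and a list of likely names.
DICTIONARY = {"password", "letmein", "welcome", "monkey", "dragon", "sunshine"}
NAMES = {"rex", "alice", "bob", "fido"}

# Common digit/symbol-for-letter swaps; a cracker's mangling rules undo these,
# so 'p4ssw0rd' is no safer than 'password'.
LEET = str.maketrans({"4": "a", "@": "a", "3": "e", "1": "l", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t", "8": "b"})


def normalise(pw: str) -> str:
    """Lower-case the password and reverse the usual substitutions."""
    return pw.lower().translate(LEET)


def has_digit_sequence(pw: str, run: int = 4) -> bool:
    """True if the password contains `run` or more consecutive ascending or
    descending digits, such as 123456 or 9876."""
    for match in re.finditer(r"\d{%d,}" % run, pw):
        digits = match.group()
        for i in range(len(digits) - run + 1):
            chunk = digits[i:i + run]
            steps = {int(b) - int(a) for a, b in zip(chunk, chunk[1:])}
            if steps in ({1}, {-1}):
                return True
    return False


def problems(pw: str, names=frozenset(), used_elsewhere=frozenset()) -> list:
    """Return the rules a password breaks; an empty list means none were hit.
    `names` adds people and pets an attacker who knows you would try;
    `used_elsewhere` is the set of passwords already used on other sites."""
    found = []
    plain = normalise(pw)
    if plain in DICTIONARY:
        found.append("dictionary word")
    elif any(word in plain for word in DICTIONARY if len(word) >= 5):
        found.append("contains dictionary word")
    if any(name in plain for name in NAMES | set(names) if len(name) >= 3):
        found.append("contains a name")
    if has_digit_sequence(pw):
        found.append("sequential digits")
    if pw in used_elsewhere:
        found.append("reused on another site")
    return found


if __name__ == "__main__":
    # Constructed sample passwords, including the article's worked example.
    for candidate in ["password", "p4ssw0rd", "123456", "Rex2019", "tq8Fj^t1DFB"]:
        print(candidate, "->", problems(candidate, names={"rex"}) or "no problems found")
    print("tq8Fj^t1DFB reused ->", problems("tq8Fj^t1DFB", used_elsewhere={"tq8Fj^t1DFB"}))
```

An empty result only means none of these particular rules fired; it is not proof that a password is strong, which is the same limitation any online strength meter has.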